AMENDMENTS TO THE CLAIMS





This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 (original): A method for filtering packets, comprising:
receiving a packet sent from a first device to a second device;
authenticating an identifier for said packet;
determining whether to send said packet to said second device; and
sending said packet to said second device in accordance with said determination.

Claim 2 (original): The method of claim 1, wherein said determining comprises:
comparing said identifier to a list of identifiers;
retrieving at least one policy rule;
determining whether to send said packet to said second device in accordance with said
comparison and said policy rule. 

Claim 3 (original): The method of claim 1, wherein said identifier is a common host
identifier.

Claim 4 (original): The method of claim 1, wherein said authenticating is performed in
accordance with IPSEC standards.

Claim 5 (original): The method of claim 1, wherein said authenticating comprises: 
retrieving a pointer to a security association from an authentication header from said
packet;
retrieving a key associated with said security association; and
determining whether said packet is authentic using said key.

Claim 6 (original): The method of claim 5, wherein said identifier is not authentic, 
further comprising sending a first message to a third device indicating said identifier is not 
authentic.

Claim 7 (original): The method of claim 5 wherein said authentication header is an
IPSEC authentication header. 

Claim 8 (original): The method of claim 1, wherein said packet is encrypted prior to said
receiving, further comprising decrypting said packet prior to authenticating. 

Claim 9 (original): The method of claim 8, wherein said packet is encrypted and 
decrypted using one of group of cryptographic techniques comprising DES, triple DES, HMAC
and RSA. 



Claim 10 (original): The method of claim 1, wherein said policy rule is stored in a
policy configuration file at said second device.



Claim 11 (original): A machine-readable memory whose contents cause a computer 
system to perform packet filtering, by performing the steps of: 

receiving a packet sent from a first device to a second device;
authenticating an identifier for said packet;
determining whether to send said packet to said second device; and
sending said packet to said second device in accordance with said determination.

Claim 12 (original): The machine-readable memory of claim 11, wherein said 
determining comprises:
comparing said identifier to a list of identifiers;
retrieving at least one policy rule;
determining whether to send said packet to said second device in accordance with said
comparison and said policy rule. 

Claim 13 (original): The machine-readable memory of claim 11, wherein said identifier
is a common host identifier. 



Claim 14 (original): The machine-readable memory of claim 11, wherein said
authenticating is performed in accordance with IPSEC standards. 

Claim 15 (original): The machine-readable memory of claim 11, wherein said
authenticating comprises:
retrieving a pointer to a security association from an authentication header from said
packet;
retrieving a key associated with said security association; and
determining whether said packet is authentic using said key.

Claim 16 (original): The machine-readable memory of claim 15, wherein said identifier 
is not authentic, further comprising sending a first message to a third device indicating said 
identifier is not authentic.

Claim 17 (original): The machine-readable memory of claim 15 wherein said
authentication header is an IPSEC authentication header.

Claim 18 (original): The machine-readable memory of claim 11, wherein said packet is
encrypted prior to said receiving, further comprising decrypting said packet prior to 
authenticating. 

Claim 19 (original): The machine-readable memory of claim 18, wherein said packet is 
encrypted and decrypted using one of group of cryptographic techniques comprising DES, triple
DES, HMAC and RSA.

Claim 20 (original): The machine-readable memory of claim 11, wherein said policy
rule is stored in a policy configuration file at said second device.

Claim 21 (original): A packet filter for a distributed firewall, comprising:

an input means coupled to said first network for receiving a data packet from a first 
device, said data packet having an encrypted common host identifier;

a first buffer coupled to said input means for storing said received packet;

a first memory segment containing a list of common host identifiers and at least one
policy rule;

a second memory segment for storing a program for decrypting said common host
identifier, authenticating said common host identifier, and determining whether to send said
packet to a second device based on said list and said policy rule;

a processor coupled to said first buffer, said first memory segment and said second
memory segment for executing said program; and

an output means coupled to said first buffer for forwarding said compared data packet to 
said second device based on said comparison.

Claim 22 (currently amended): The apparatus of claim 21, further comprising a second
buffer for storing said compared data packet prior to forwarding said compared data packet to
the second device.




Claims 23-28 (cancelled). 


Claim 29 (original): A distributed firewall system, comprising: 
a first network device; 

a second network device in communication with said first network device;
a packet filter processor for each network device;

an encryption means coupled to said packet filter processor, said encryption means for
decrypting and authenticating a packet sent between said first network device and said second
network device; and

a system management module to manage said packet filter processors.



Claim 30 (new): The system of claim 29 wherein said authenticating comprises:
retrieving a pointer to a security association from an authentication header from said
packet;
retrieving a key associated with said security association; and
determining whether said packet is authentic using said key.



Claim 31 (new): The system of claim 30 wherein said authentication header is an IPSEC
authentication header.